Wanted: Website Review Please review my first online shop

[alexalex is verified member.]

I found one one occasion that is_numeric() would accept a "." and "," so you may need to test further.

The main thing is that you ensure you do your best to process out everything possible before you hit the database.

I'll certainly keep reviewing things to ensure they are as secure as possible. In terms of the database I completely agree that I don't want it hacked into and will do whatever I can to prevent it. With regard to the basket, I've built it to work using sessions to limit this threat. In theory if someone managed to manipulate price or quantity then I’d still have the ability to refund anything they paid and cancel the transaction without any damage to the site. That said I certainly want it to run flawlessly so I don't have the hassle.

I'd say that's safe enough! I'd have just gone with:

echo (in_array($qty, range(1,10))) ? "ALLOWED" : "NOT ALLOWED";

That seems much more simple than what I’m doing and it would remove several lines of my script so I will have a play with it now